2a)D This action is FINAL. 2b)M This action is non-final. 

DETAILED ACTION 
Election/Restrictions 

1. Applicant's election with traverse of Group I, claims 1-15 in Paper No. 8 is 
acknowledged. The traversal is on the ground(s) that a thorough search and 
examination of either claim group would be relevant to the examination of the other 
group. This is not found persuasive because the inventions I-III are related as 
subcombinations disclosed as usable together in a single combination. The 
subcombinations are distinct from each other if they are shown to be separately usable. 
For example, group I (claims 1-15) is drawn to a method for providing access based on 
user profiles by creating user profile, electronic profile for data, establishing rule and 
method for accessing. Group II (claim 16) is drawn to a method of generating a 
database based on predetermined rules and criteria. Group III (claims 17-20) is drawn 
to a network system with a client system and a server system, which manages 
registration process, authorization process and maintenance process. However, 
examiner reconsiders group II (claim 16), which is drawn to a database providing 
access to users with Rule Based Access Guidelines. Thus, claim 16 is examined along 
with group I. Group III (claims 17-20) is withdrawn from further consideration and search. 
The requirement is still deemed proper and is therefore made FINAL. 



Claim Objections 

2. Claim 2 is objected to because of the following informalities: OHR 
Application and an RFCA Application. They should be Oracle Human Resource Application 
and a Request For Computer Access Application. Appropriate correction is required. 



Claim Rejections - 35 USC §112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claim 5 is rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject 
matter, which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. 

Regarding claim 5, the step of notifying the user of the decision within a 
pre-determined time frame was not described in the specification. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

6. Claims 1 and 3-4 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879]. 

Regarding claim 1, Kraenzel teaches a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list (ACL). 
Profile generating systems is a client/server system having multiple users connected 
over a network, wherein users may also be connected to one or more databases via the 



Application/Control Number: 09/842,577 Page 5 

Art Unit: 2172 

network (Kraenzel, Col. 1, lines 13-18). As shown in FIG. 1, a profile compiling/updating 
object 32 may use the information received from user affinity determining object 30 to 
generate a user profile (Kraenzel, Col. 2, lines 65-67) as the step of creating an 
electronic profile for a user within a centralized database. To prevent access to objects 
containing, for example, confidential or proprietary information, users may be assigned 
levels of access privileges. Access privileges may be, for example, read-only, edit, etc. 
Access privileges may be assigned by a system administrator and stored in an access 
control list or ACL (Kraenzel, Col. 1, lines 18-26) as the step of creating an ACL as an 
electronic profile for data within the centralized database. As shown in FIG. 3, a user 
accesses a requested object in a database at step 152. The user's access privileges for 
the object(s) requested is retrieved at step 154. Based on step 154, step 156 
determines whether the user's access privileges meet the minimum requirements set by 
the object administrator. If the user's access privileges meet the minimum requirements, 
step 158 retrieves the requested object and step 160 presents the object(s) to the user. 
If, however, step 156 determines that the user's access privileges do not meet the 
minimum requirements set by a system administrator for that object(s), step 162 
determines whether the user has requested additional privileges from the system 
administrator. If additional privileges have not been requested, step 164 notifies the 
user that access has been denied. Otherwise, step 166 determines if additional 
privileges have been granted. If additional privileges have been granted, step 168 
updates the ACL and may proceed to retrieve and present the requested object using 
steps 158 and 160 respectively. If step 166 determines that additional privileges have 
not been granted, the user may be notified that access has been denied using step 164 
(Kraenzel, Col. 4, lines 20-43). As seen, the procedure for accessing a requested object 
of FIG. 3 as methodology is established for user access. In order to grant access to a 
requested object or making a decision with reference to the user access, access privileges 
in ACL and user profile are compared, and the procedure is processed as at step 158-166 
to complete an evaluation based on the electronic profiles, and operating methodology in 
response to a request from the user for access. Kraenzel does not explicitly teach 
pre-determined rules are established, and the evaluation based on pre-determined rules. Behera 
teaches a method to control access via properties system by providing ACL rules based 
on the properties associated with the entries (Behera, Col. 1, line 64-Col. 2, line 5). 
Behera further discloses the step of establishing pre-determined rules (Behera, Col. 4, 
lines 25-54) and evaluating the pre-determined rules to grant access to a user (Behera, 
Col. 6, lines 13-16). Therefore, it would have been obvious for one of ordinary skill in the 
art at the time the invention was made to modify the Kraenzel method by applying the 
access rules to the ACL as taught by Behera in order to grant access to a user or a 
group to a particular attribute object in the database. 

Regarding claim 3, Kraenzel and Behera teach all the claimed subject 
matter as discussed in claim 1; Kraenzel further discloses the step of creating data 
profiles based on at least one of Data Elements, Data Tags, Rules of Access, an Approver's 
Name for Each Rule of Access, Rules of Exclusion, an Exception List, and Field Tags 
(Kraenzel, Col. 1, lines 13-26). 

Regarding claim 4, Kraenzel and Behera teach all the claimed subject 
matter as discussed in claim 3; Behera further discloses the step of establishing 
pre-determined rules in the centralized database based on at least one of Rule Based Access 
guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines, Active 
Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits 
guidelines; and establishing methodology to ensure timely and accurate decision making 
based on criteria established by the management (Behera, Col. 4, lines 26-55). 

7. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879], CERN 
[Administrative Information Services, Oracle HR] and Lillibridge [USP 6,195,698 
B1]. 

Regarding claim 2, Kraenzel and Behera teach all the claimed subject 
matter as discussed in claim 1, but fail to disclose the step of creating an electronic 
profile based on information available from at least one an OHR Application and an RFCA 
Application. CERN teaches an OHR application and Lillibridge teaches an RFCA 
Application (Lillibridge, Col. 8, lines 35-46). Therefore, it would have been obvious for 
one of ordinary skill in the art at the time the invention was made to modify the Kraenzel 
and Behera method by using information from OHR Application and RFCA Application 
to build the electronic profile in order to distribute object to a user or a group via IP 
address. 

8. Claims 5-15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kraenzel [USP 6,513,039] in view of Stockwell et al. [USP 
5,950,195]. 

Regarding claim 5, Kraenzel teaches a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list (ACL). 
Profile generating systems is a client/server system having multiple users connected 
over a network, wherein users may also be connected to one or more databases via the 
network (Kraenzel, Col. 1, lines 13-18). As shown in FIG. 1, a profile compiling/updating 
object 32 may use the information received from user affinity determining object 30 to 
generate a user profile (Kraenzel, Col. 2, lines 65-67) as the step of providing capabilities 
for a user to request access to information that the user currently does not have access to. To 
prevent access to objects containing, for example, confidential or proprietary 
information, users may be assigned levels of access privileges. Access privileges may 
be, for example, read-only, edit, etc. Access privileges may be assigned by a system 
administrator and stored in an access control list or ACL (Kraenzel, Col. 1, lines 18-26). 
As shown in FIG. 3, a user accesses a requested object in a database at step 152. The 
user's access privileges for the object(s) requested is retrieved at step 154. Based on 
step 154, step 156 determines whether the user's access privileges meet the minimum 
requirements set by the object administrator. If the user's access privileges meet the 
minimum requirements, step 158 retrieves the requested object and step 160 presents 
the object(s) to the user. If, however, step 156 determines that the user's access 
privileges do not meet the minimum requirements set by a system administrator for that 
object(s), step 162 determines whether the user has requested additional privileges 
from the system administrator. If additional privileges have not been requested, step 
164 notifies the user that access has been denied. Otherwise, step 166 determines if 
additional privileges have been granted. If additional privileges have been granted, step 
168 updates the ACL and may proceed to retrieve and present the requested object 
using steps 158 and 160 respectively. If step 166 determines that additional privileges 
have not been granted, the user may be notified that access has been denied using 
step 164 (Kraenzel, Col. 4, lines 20-43). As seen, the technique as discussed indicates 
the steps of tracking a status of the request; obtaining a decision from an owner of the data 
requested; implementing the decision; and notifying the user of the decision. Kraenzel fails to 
teach a pre-determined time frame is set up when notifying the user. Stockwell teaches a 
pre-determined time frame could be configured in an ACL for a connection (Stockwell, 
Col. 9, line 60-Col. 10, line 8). Therefore, it would have been obvious for one of ordinary 
skill in the art at the time the invention was made to modify the Kraenzel method by 
including a pre-determined time frame in the ACL in order to keep track of a transaction in 
a client/server system. 

Regarding claim 6, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of obtaining at least 
one of an approval decision and a disapproval decision (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 7, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of reviewing and 
auditing the user access (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 8, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of creating a 
consistent security model that includes centralized administration of security of the system and 
uses single user profile and privilege for accessing different applications (Col. 3, lines 1-15; 
Col. 4, lines 20-43). 

Regarding claim 9, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of creating user 
profiles; providing access control to data associated with user profiles; defining permissions 
based on a user identifier associated with user profiles; and developing a specification for user 
interfaces (Kraenzel, Col. 3, line 1-Col. 4, line 13). 

Regarding claim 10, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of providing 
administration of a common security model for access control and event notification 
(Kraenzel, FIG. 3). 

Regarding claim 11, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of updating profiles 
automatically on at least one of a pre-determined timed interval and a change in organization 
hierarchy (Kraenzel, Col. 3, lines 33-42). 

Regarding claim 12, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel and Stockwell do not teach the step of 
updating profiles automatically when a user transfers departments. However, as disclosed 
by Kraenzel, profile system 14 may automatically update a user's profile by periodically 
checking the ACL of the network. This may be performed on a routine basis, or on a 
random basis, when requested by a system administrator, or at various other instances. 
System 14 may also use the above process for updating a user profile by simply adding 
supplemental information to the user profile (Kraenzel, Col. 3, lines 33-42). Thus, when 
a user transfers departments, system administrator updates the ACL, and user profile 
will be updated automatically. Therefore, it would have been obvious for one of ordinary 
skill in the art at the time the invention was made to modify the Kraenzel and Stockwell 
method by including the step of updating profiles when a user transfers departments in 
order to control access to a database. 

Regarding claim 13, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of generating access 
list reports that identify; accessible and non-accessible data and restrictions for access 
(Kraenzel, Col. 1, lines 20-26 and Col. 2, lines 12-16). 

Regarding claim 14, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Kraenzel further discloses the step of retrieving 
information from the centralized database in response to a specific inquiry from an 
administrator (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 15, Kraenzel and Stockwell teach all the claimed subject 
matter as discussed in claim 5; Stockwell further discloses the client system and the 
server system are connected via a network and wherein the network is one of a wide area 
network, a local area network, an intranet and the Internet (Stockwell, Col. 4, lines 21-28). 

9. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Behera [USP 6,535,879] in view of Kraenzel [USP 6,513,039 B1]. 

Regarding claim 16, Behera teaches an LDAP as a database configured to be 
protected from access by using Access Control List or ACL. The Directory Server 
Administrator creates basic ACL rules that grant specific users access to certain 
information in the directory (Behera, Col. 3, lines 9-37). Behera further discloses the 
ACL rules that comprises data corresponding to at least one of Rule Based Access 
guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines, Active 
Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits 
guidelines; data corresponding to applications that cross-references the applications data 
against unique identifiers; data corresponding to users that cross-references the users data 
against unique identifiers (Behera, Col. 4, lines 38-55). Although the directory server 
matches the desired attributes within the specified attribute fieldname with the user's 
attributes for allowing access to the directory entry only if the user has the desired 
attribute values. Behera fails to teach data corresponding to various methodologies that 
facilitates accurate decision making. Kraenzel teaches a method for generating a profile of 
a network user based on a user's access privileges stored in an access control list 
(ACL). Profile generating systems is a client/server system having multiple users 
connected over a network, wherein users may also be connected to one or more 
databases via the network (Kraenzel, Col. 1, lines 13-18). As shown in FIG. 3, a user 
accesses a requested object in a database at step 152. The user's access privileges for 
the object(s) requested is retrieved at step 154. Based on step 154, step 156 
determines whether the user's access privileges meet the minimum requirements set by 
the object administrator. If the user's access privileges meet the minimum requirements, 
step 158 retrieves the requested object and step 160 presents the object(s) to the user. 
If, however, step 156 determines that the user's access privileges do not meet the 
minimum requirements set by a system administrator for that object(s), step 162 
determines whether the user has requested additional privileges from the system 
administrator. If additional privileges have not been requested, step 164 notifies the 
user that access has been denied. Otherwise, step 166 determines if additional 
privileges have been granted. If additional privileges have been granted, step 168 
updates the ACL and may proceed to retrieve and present the requested object using 
steps 158 and 160 respectively. If step 166 determines that additional privileges have 
not been granted, the user may be notified that access has been denied using step 164 
(Kraenzel, Col. 4, lines 20-43). As seen, the procedure for accessing a requested object 
of FIG. 3 as various methodologies that facilitates accurate decision making, the retrieved 
object and notified data are data corresponding to various methodologies. Therefore, it 
would have been obvious for one of ordinary skill in the art at the time the invention was 
made to modify the Behera technique by using the method of access as taught by 
Kraenzel in order to process an access request of a user. 



10. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to HUNG Q PHAM whose telephone number is 703- 
605-4242. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, KIM Y VU can be reached on 703-305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 



Conclusion 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 

Examiner Hung Pham 
September 29, 2003 